Properly configuring an operating system to perform secure communications can be difficult. Configuring protocols within the operating system may require configuring a certificate from a certification authority and/or key pairs that form the basis for secure communications. If the operating system or application has not been properly secured the certificate and/or private key may be at risk of loss through server compromise by an intruder. Compromise of a private key causes a loss of trust in the cryptographic benefits of secure communication, as the key may be used by the intruder.
Various attempts have been tried to limit access to keys to prevent key loss. For example, a public key cryptography standard PKCS#11 has been used in a virtual machine to expose cryptographic primitives without exposing the key itself to the guest operating system. However, the solution can be difficult to configure, as different software may have different requirements for using PKCS#11. While various techniques have been employed to effectively minimize the chances of a key loss, due to the complexity of the tasks, the employed techniques are of varied success.